Installing and configuring Active Directory Domain Services using PowerShell


In this tutorial, we will learn how to install Active Directory Domain Services using PowerShell cmdlets.

Before proceeding with the installation, we will check which features are available to install.
We will use the Get-WindowsFeature cmdlet to list them.

The result is shown below; you can see that Active Directory Domain Services is available to install.

    PS C:\> Get-WindowsFeature

    Display Name                                        Name                     Install State
    ------------                                        ----                     -------------
    [ ] Active Directory Certificate Services           AD-Certificate               Available
        [ ] Certification Authority                     ADCS-Cert-Authority          Available
        [ ] Certificate Enrollment Policy Web Service   ADCS-Enroll-Web-Pol          Available
        [ ] Certificate Enrollment Web Service          ADCS-Enroll-Web-Svc          Available
        [ ] Certification Authority Web Enrollment      ADCS-Web-Enrollment          Available
        [ ] Network Device Enrollment Service           ADCS-Device-Enrollment       Available
        [ ] Online Responder                            ADCS-Online-Cert             Available
    [ ] Active Directory Domain Services                AD-Domain-Services           Available
    [ ] Active Directory Federation Services            ADFS-Federation              Available

Run the cmdlet below to install Active Directory Domain Services including all the management tools (a reboot is needed to complete the installation).

Install-WindowsFeature -IncludeManagementTools AD-Domain-Services

To cross-verify the installation, run Get-WindowsFeature once again and check the results; the status of Active Directory Domain Services should change to Installed, as in the output below.
 
    PS C:\> Get-WindowsFeature

    Display Name                                        Name                     Install State
    ------------                                        ----                     -------------
    [ ] Active Directory Certificate Services           AD-Certificate               Available
        [ ] Certification Authority                     ADCS-Cert-Authority          Available
        [ ] Certificate Enrollment Policy Web Service   ADCS-Enroll-Web-Pol          Available
        [ ] Certificate Enrollment Web Service          ADCS-Enroll-Web-Svc          Available
        [ ] Certification Authority Web Enrollment      ADCS-Web-Enrollment          Available
        [ ] Network Device Enrollment Service           ADCS-Device-Enrollment       Available
        [ ] Online Responder                            ADCS-Online-Cert             Available
    [X] Active Directory Domain Services                AD-Domain-Services           Installed
    [ ] Active Directory Federation Services            ADFS-Federation              Available

After this, we need to promote the server to a domain controller to complete the configuration.
As this is a completely new setup with no existing forest, we are configuring it as the first domain controller in a new forest.
To do this, run the cmdlet below.
Install-ADDSForest
It will ask for a few inputs before proceeding, as you can see in the output below.

I have given the domain name and the SafeModeAdministratorPassword to proceed, and typed "Y" to promote the domain controller.
 
    PS C:\> Install-ADDSForest

    cmdlet Install-ADDSForest at command pipeline position 1
    Supply values for the following parameters:
    DomainName: test.com
    SafeModeAdministratorPassword:
    Confirm SafeModeAdministratorPassword:

    The target server will be configured as a domain controller and restarted when this operation is complete.
    Do you want to continue with this operation?
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y

It will validate the environment, the user input and the prerequisites for domain controller operation before proceeding.

    PS C:\> Install-ADDSForest

    Install-ADDSForest
        Validating environment and user input
        Verifying prerequisites for domain controller operation...

    Do you want to continue with this operation?
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y
    WARNING: Windows Server 2012 R2 domain controllers have a default for the security setting named "Allow cryptography
    algorithms compatible with Windows NT 4.0" that prevents weaker cryptography algorithms when establishing security
    channel sessions.

    For more information about this setting, see Knowledge Base article 942564
    (http://go.microsoft.com/fwlink/?LinkId=104751).

After installation, you can verify the status of the server role with the net accounts command. The computer role will appear as PRIMARY; earlier it was SERVER, as there was no AD DS role installed on this machine. See the output below for more information.
 
    PS C:\> net accounts
    Force user logoff how long after time expires?:       Never
    Minimum password age (days):
    Maximum password age (days):
    Minimum password length:
    Length of password history maintained:                None
    Lockout threshold:                                    Never
    Lockout duration (minutes):
    Lockout observation window (minutes):
    Computer role:                                        PRIMARY
    The command completed successfully.
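
The same procedure as a non-interactive script, with the prerequisite checks run as a separate dry-run step before anything is changed. This is an added example, not the author's code: test.com is the domain used above, and the function names Install-FirstDomainController and Get-DomainControllerState are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example. 'test.com' is the domain name used in this tutorial;
# both function names are hypothetical.

function Install-FirstDomainController {
    param([string]$DomainName = 'test.com')

    # Install the role only when it is missing, and stop if the install fails.
    if ((Get-WindowsFeature -Name AD-Domain-Services).InstallState -ne 'Installed') {
        $r = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
        if (-not $r.Success) { throw 'AD-Domain-Services installation failed.' }
    }

    # Prompt for the DSRM password as a SecureString so it never appears in
    # the script file, on the command line or in the console history.
    $dsrm = Read-Host -Prompt 'SafeModeAdministratorPassword' -AsSecureString

    Import-Module ADDSDeployment
    $params = @{
        DomainName                    = $DomainName
        SafeModeAdministratorPassword = $dsrm
    }

    # Dry run: the same validation Install-ADDSForest performs, with no changes made.
    $checks = Test-ADDSForestInstallation @params
    $checks | Format-List Context, Status, Message | Out-Host
    if ($checks | Where-Object { "$($_.Status)" -eq 'Error' }) {
        throw 'Prerequisite check reported errors; nothing was changed.'
    }

    # -Force answers the confirmation prompt; the server restarts when promotion completes.
    Install-ADDSForest @params -Force
}

function Get-DomainControllerState {
    # Run after the reboot. Win32_ComputerSystem.DomainRole 5 means primary
    # domain controller, matching "Computer role: PRIMARY" from net accounts.
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    [pscustomobject]@{
        FeatureState = (Get-WindowsFeature -Name AD-Domain-Services).InstallState
        DomainRole   = $role
        IsPrimaryDC  = ($role -eq 5)
    }
}
```

Call Install-FirstDomainController from an elevated session, then Get-DomainControllerState once the server has restarted.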

The following administrative tools are now available to manage Active Directory:
Active Directory Administrative Center 
Active Directory Domains and Trusts 
Active Directory Module for Windows PO... 
Active Directory Sites and Services 
Active Directory Users and Computers 
ADSI Edit

This concludes the tutorial.

Thank you! Happy Learning :)
